HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Updated to 3.0.3.3 and SSL/8080 stopped working (http://www.howtoforge.com/forums/showthread.php?t=52321)

eko_taas 16th April 2011 10:23

Updated to 3.0.3.3 and SSL/8080 stopped working
 
SSL/8080 was working earlier OK, but after updating to 3.0.3.3 (at my own risk used from panel (system / Remote actions / Do ISPConfig-update ), went OK, but also after restart ISPConfig thru SSL stopped working (unsecured OK). Otherwise seems to work OK (shows 3.0.3.3 when logged in).

I checked as per manual 6.2. ("6.2 Enabling SSL For The ISPConfig Web Interface") and all looks the same as earlier:
- certificates exists
- a2enmod ssl" gives "Module ssl already enabled"
- SSL engine extra lines in file still exists

so:
- http://server1.example.com:8080 => works
- https://server1.example.com:8080 => gives below
Quote:

Secure Connection Failed
An error occurred during a connection to server1.example.com:8080.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
When re-starting machine, everything looks OK, but when manually restart of apache shows error
Code:

# /etc/init.d/apache2 restart
Restarting web server: apache2apache2: apr_sockaddr_info_get() failed for server1.example.com
...
 ... waiting apache2: apr_sockaddr_info_get() failed for server1.example.com
...
#

Any idea?

Webmin (with SSL) still OK (done as HOWTO)
http://www.howtoforge.net/easy-round...debian-squeeze

falko 17th April 2011 22:54

Can you post your /etc/apache2/sites-available/ispconfig.vhost file?

benlake 18th April 2011 17:20

When I upgraded my ispconfig.vhost had been reverted to non-SSL version, and the error you are getting is exactly what would happen if you specified https:// when connecting to a port not speaking SSL. So most likely it isthe config now has SSLEngine On commented out.

till 18th April 2011 17:27

Quote:

So most likely it isthe config now has SSLEngine On commented out.
This happens if your ssl certificates are in a wrong location or have wrong filenames. ISPConfig espects the ssl certs for the interface here:

/usr/local/ispconfig/interface/ssl/ispserver.crt
/usr/local/ispconfig/interface/ssl/ispserver.key

eko_taas 18th April 2011 17:45

Mistake on manual then?
 
Manual ("Version 1.1 for ISPConfig 3.0.3", chapter 6.2) asks to create ssl-certificates on diff. place
Quote:

Make the directory for the SSL certificate:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
...
vi /etc/apache2/sites-available/ispconfig.vhost
... and insert the following lines...
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ispserver.crt
SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
...
Now (as done per manual on org installation before update):
Code:

/usr/local/ispconfig/interface/ssl# cd /etc/apache2/ssl
 /etc/apache2/ssl# ls
ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
...
/usr/local/ispconfig/interface/ssl# ls
(empty...)

This setup worked in earlier version...

Now do I'll have to
- copy /etc/apache2/ssl to /usr/local/ispconfig/interface/ssl
- edit /etc/apache2/sites-available/ispconfig.vhost as to point to /usr/local/ispconfig/interface/ssl
or what is the correct way?

eko_taas 18th April 2011 18:33

Seems that upgrade has also changed /etc/apache2/sites-available/ispconfig.vhost as earlier changes not any more there

Code:

...
  # SSL Configuration
  #SSLEngine On
  #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
...

So removed comments and copied
Code:

# cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
l# cd /usr/local/ispconfig/interface/ssl/
 /usr/local/ispconfig/interface/ssl# ls
ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
# /etc/init.d/apache2 restart

And WOW, SSL working again....
Code:

https://server1.example.com:8080/
https://example.com:8080/webmail/

Thanks for help, please correct manual as well (if needed ;) )

I future I hope that upgrade would not touch these basic things....

micko_escalade 24th April 2011 04:34

Run into same issue as eko_taas but just to make it clear I had to copy all files using
Code:

cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
Then from the manual page 297 this:
Code:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ispserver.crt
SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key

inside /etc/apache2/sites-available/ispconfig.vhost

un-commenting

Code:

  # SSL Configuration
  #SSLEngine On
  #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

Did now solve my issue.


All times are GMT +2. The time now is 21:17.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.